Get-VM and non-privileged user in scheduled task


  • Hi,


    • Domain “nice.domain”
    • script server “server1.nice.domain”
    • Hyper-V hypervisor “hyperv1.nice.domain”
    • all Windows Server 2012 R2
    • script user “nice\script”
    • script user is member of “Hyper-V Administrators” group on hyperv1.
    • script user has the “Log on as a batch job” right on server1

    Scenario 1:

    Get-VM -Computername hyperv1

    in a Powershell console window on server1 (which was started with “run as different user”) will show a nice list of VMs on the hypervisor.

    Scenario 2:


    Get-VM -Computername hyperv1

    in a scheduled task script that runs as the script user on server1 will return NOTHING. No, also no exception thrown. Other Hyper-V cmdlets seem to work, f.e.

    Get-VMHost -Computername hyperv1



    • Making the script user a member of the “Administrators” group on “server1” works, but that’s not good security.
    • Adding the script user to the “Administrators” group on hyperv1 does not help
    • It’s obviously a problem on server1, something stops Get-VM from working in a scheduled task.

    Question: which rights or security settings are missing in Scenario 2?

    you can also look at my blog post:

    Wednesday, February 8, 2017 10:05 PM

All replies